{"id":47718,"date":"2022-11-10T01:45:13","date_gmt":"2022-11-10T01:45:13","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=47718"},"modified":"2022-11-10T01:45:19","modified_gmt":"2022-11-10T01:45:19","slug":"crowdstrike-certified-falcon-administrator-ccfa-study-guide-ccfa-200-dumps-online","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/crowdstrike-certified-falcon-administrator-ccfa-study-guide-ccfa-200-dumps-online.html","title":{"rendered":"CrowdStrike Certified Falcon Administrator CCFA Study Guide CCFA-200 Dumps Online"},"content":{"rendered":"\n<p>No need to waste your valuable time searching the CCFA study guide to prepare for the CrowdStrike Certified Falcon Administrator certification exam, just come to DumpsBase to choose the CCFA-200 dumps as the preparation materials. CCFA-200 dumps of DumpsBase come with incredible features, which are enough to help you breeze through the CCFA-200 CrowdStrike Certified Falcon Administrator certification exam. Our latest CCFA-200 dumps questions come with CrowdStrike Certified Falcon Administrator CCFA-200 precise answers which you will encounter on the final test.<\/p>\n<h2>Feel free to read <em><span style=\"color: #00ff00;\">CrowdStrike CCFA-200 demo questions online<\/span><\/em> first:<\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam6763\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-6763\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-6763\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-241561'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>An analyst has reported they are not receiving workflow triggered notifications in the past few days. <br \/>\r<br>Where should you first check for potential failures?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='241561' \/><input type='hidden' id='answerType241561' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241561[]' id='answer-id-957368' class='answer   answerof-241561 ' value='957368'   \/><label for='answer-id-957368' id='answer-label-957368' class=' answer'><span>Custom Alert History<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241561[]' id='answer-id-957369' class='answer   answerof-241561 ' value='957369'   \/><label for='answer-id-957369' id='answer-label-957369' class=' answer'><span>Workflow Execution log<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241561[]' id='answer-id-957370' class='answer   answerof-241561 ' value='957370'   \/><label for='answer-id-957370' id='answer-label-957370' class=' answer'><span>Workflow Audit log<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241561[]' id='answer-id-957371' class='answer   answerof-241561 ' value='957371'   \/><label for='answer-id-957371' id='answer-label-957371' class=' answer'><span>Falcon UI Audit Trail<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-241562'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>How are user permissions set in Falcon?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='241562' \/><input type='hidden' id='answerType241562' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241562[]' id='answer-id-957372' class='answer   answerof-241562 ' value='957372'   \/><label for='answer-id-957372' id='answer-label-957372' class=' answer'><span>Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241562[]' id='answer-id-957373' class='answer   answerof-241562 ' value='957373'   \/><label for='answer-id-957373' id='answer-label-957373' class=' answer'><span>Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241562[]' id='answer-id-957374' class='answer   answerof-241562 ' value='957374'   \/><label for='answer-id-957374' id='answer-label-957374' class=' answer'><span>An administrator selects individual granular permissions from the Falcon Permissions List during user creation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241562[]' id='answer-id-957375' class='answer   answerof-241562 ' value='957375'   \/><label for='answer-id-957375' id='answer-label-957375' class=' answer'><span>Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-241563'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>When creating new IOCs in IOC management, which of the following fields must be configured?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='241563' \/><input type='hidden' id='answerType241563' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241563[]' id='answer-id-957376' class='answer   answerof-241563 ' value='957376'   \/><label for='answer-id-957376' id='answer-label-957376' class=' answer'><span>Hash, Description, Filename<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241563[]' id='answer-id-957377' class='answer   answerof-241563 ' value='957377'   \/><label for='answer-id-957377' id='answer-label-957377' class=' answer'><span>Hash, Action and Expiry Date<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241563[]' id='answer-id-957378' class='answer   answerof-241563 ' value='957378'   \/><label for='answer-id-957378' id='answer-label-957378' class=' answer'><span>Filename, Severity and Expiry Date<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241563[]' id='answer-id-957379' class='answer   answerof-241563 ' value='957379'   \/><label for='answer-id-957379' id='answer-label-957379' class=' answer'><span>Hash, Platform and Action<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-241564'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. <br \/>\r<br>What is the next step to disable RTR only on these hosts?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='241564' \/><input type='hidden' id='answerType241564' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241564[]' id='answer-id-957380' class='answer   answerof-241564 ' value='957380'   \/><label for='answer-id-957380' id='answer-label-957380' class=' answer'><span>Edit the Default Response Policy, toggle the &quot;Real Time Response&quot; switch off and assign the policy to the host group<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241564[]' id='answer-id-957381' class='answer   answerof-241564 ' value='957381'   \/><label for='answer-id-957381' id='answer-label-957381' class=' answer'><span>Edit the Default Response Policy and add the host group to the exceptions list under &quot;Real Time Functionality&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241564[]' id='answer-id-957382' class='answer   answerof-241564 ' value='957382'   \/><label for='answer-id-957382' id='answer-label-957382' class=' answer'><span>Create a new Response Policy, toggle the &quot;Real Time Response&quot; switch off and assign the policy to the host group<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241564[]' id='answer-id-957383' class='answer   answerof-241564 ' value='957383'   \/><label for='answer-id-957383' id='answer-label-957383' class=' answer'><span>Create a new Response Policy and add the host name to the exceptions list under &quot;Real Time Functionality&quot;<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-241565'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>Which exclusion pattern will prevent detections on a file at C:Program FilesMy ProgramMy Filesprogram.exe?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='241565' \/><input type='hidden' id='answerType241565' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241565[]' id='answer-id-957384' class='answer   answerof-241565 ' value='957384'   \/><label for='answer-id-957384' id='answer-label-957384' class=' answer'><span>Program FilesMy ProgramMy Files*<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241565[]' id='answer-id-957385' class='answer   answerof-241565 ' value='957385'   \/><label for='answer-id-957385' id='answer-label-957385' class=' answer'><span>Program FilesMy Program*<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241565[]' id='answer-id-957386' class='answer   answerof-241565 ' value='957386'   \/><label for='answer-id-957386' id='answer-label-957386' class=' answer'><span>**<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241565[]' id='answer-id-957387' class='answer   answerof-241565 ' value='957387'   \/><label for='answer-id-957387' id='answer-label-957387' class=' answer'><span>*Program FilesMy Program*<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-241566'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Once an exclusion is saved, what can be edited in the future?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='241566' \/><input type='hidden' id='answerType241566' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241566[]' id='answer-id-957388' class='answer   answerof-241566 ' value='957388'   \/><label for='answer-id-957388' id='answer-label-957388' class=' answer'><span>All parts of the exclusion can be changed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241566[]' id='answer-id-957389' class='answer   answerof-241566 ' value='957389'   \/><label for='answer-id-957389' id='answer-label-957389' class=' answer'><span>Only the selected groups and hosts to which the exclusion is applied can be changed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241566[]' id='answer-id-957390' class='answer   answerof-241566 ' value='957390'   \/><label for='answer-id-957390' id='answer-label-957390' class=' answer'><span>Only the options to &quot;Detect\/Block&quot; and\/or &quot;File Extraction&quot; can be changed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241566[]' id='answer-id-957391' class='answer   answerof-241566 ' value='957391'   \/><label for='answer-id-957391' id='answer-label-957391' class=' answer'><span>The exclusion pattern cannot be changed<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-241567'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>Why is the ability to disable detections helpful?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='241567' \/><input type='hidden' id='answerType241567' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241567[]' id='answer-id-957392' class='answer   answerof-241567 ' value='957392'   \/><label for='answer-id-957392' id='answer-label-957392' class=' answer'><span>It gives users the ability to set up hosts to test detections and later remove them from the console<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241567[]' id='answer-id-957393' class='answer   answerof-241567 ' value='957393'   \/><label for='answer-id-957393' id='answer-label-957393' class=' answer'><span>It gives users the ability to uninstall the sensor from a host<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241567[]' id='answer-id-957394' class='answer   answerof-241567 ' value='957394'   \/><label for='answer-id-957394' id='answer-label-957394' class=' answer'><span>It gives users the ability to allowlist a false positive detection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241567[]' id='answer-id-957395' class='answer   answerof-241567 ' value='957395'   \/><label for='answer-id-957395' id='answer-label-957395' class=' answer'><span>It gives users the ability to remove all data from hosts that have been uninstalled<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-241568'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>What impact does disabling detections on a host have on an API?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='241568' \/><input type='hidden' id='answerType241568' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241568[]' id='answer-id-957396' class='answer   answerof-241568 ' value='957396'   \/><label for='answer-id-957396' id='answer-label-957396' class=' answer'><span>Endpoints with detections disabled will not alert on anything until detections are enabled again<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241568[]' id='answer-id-957397' class='answer   answerof-241568 ' value='957397'   \/><label for='answer-id-957397' id='answer-label-957397' class=' answer'><span>Endpoints cannot have their detections disabled individually<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241568[]' id='answer-id-957398' class='answer   answerof-241568 ' value='957398'   \/><label for='answer-id-957398' id='answer-label-957398' class=' answer'><span>DetectionSummaryEvent stops sending to the Streaming API for that host<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241568[]' id='answer-id-957399' class='answer   answerof-241568 ' value='957399'   \/><label for='answer-id-957399' id='answer-label-957399' class=' answer'><span>Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-241569'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='241569' \/><input type='hidden' id='answerType241569' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241569[]' id='answer-id-957400' class='answer   answerof-241569 ' value='957400'   \/><label for='answer-id-957400' id='answer-label-957400' class=' answer'><span>To group hosts with others in the same business unit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241569[]' id='answer-id-957401' class='answer   answerof-241569 ' value='957401'   \/><label for='answer-id-957401' id='answer-label-957401' class=' answer'><span>To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241569[]' id='answer-id-957402' class='answer   answerof-241569 ' value='957402'   \/><label for='answer-id-957402' id='answer-label-957402' class=' answer'><span>To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241569[]' id='answer-id-957403' class='answer   answerof-241569 ' value='957403'   \/><label for='answer-id-957403' id='answer-label-957403' class=' answer'><span>To allow the controlled assignment of sensor versions onto specific hosts<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-241570'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>What command should be run to verify if a Windows sensor is running?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='241570' \/><input type='hidden' id='answerType241570' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241570[]' id='answer-id-957404' class='answer   answerof-241570 ' value='957404'   \/><label for='answer-id-957404' id='answer-label-957404' class=' answer'><span>regedit myfile.reg<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241570[]' id='answer-id-957405' class='answer   answerof-241570 ' value='957405'   \/><label for='answer-id-957405' id='answer-label-957405' class=' answer'><span>sc query csagent<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241570[]' id='answer-id-957406' class='answer   answerof-241570 ' value='957406'   \/><label for='answer-id-957406' id='answer-label-957406' class=' answer'><span>netstat -f<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241570[]' id='answer-id-957407' class='answer   answerof-241570 ' value='957407'   \/><label for='answer-id-957407' id='answer-label-957407' class=' answer'><span>ps -ef | grep falcon<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-241571'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>Under the &quot;Next-Gen Antivirus: Cloud Machine Learning&quot; setting there are two categories, one of them is &quot;Cloud Anti-Malware&quot; and the other is:<\/div><input type='hidden' name='question_id[]' id='qID_11' value='241571' \/><input type='hidden' id='answerType241571' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241571[]' id='answer-id-957408' class='answer   answerof-241571 ' value='957408'   \/><label for='answer-id-957408' id='answer-label-957408' class=' answer'><span>Adware &amp; PUP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241571[]' id='answer-id-957409' class='answer   answerof-241571 ' value='957409'   \/><label for='answer-id-957409' id='answer-label-957409' class=' answer'><span>Advanced Machine Learning<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241571[]' id='answer-id-957410' class='answer   answerof-241571 ' value='957410'   \/><label for='answer-id-957410' id='answer-label-957410' class=' answer'><span>Sensor Anti-Malware<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241571[]' id='answer-id-957411' class='answer   answerof-241571 ' value='957411'   \/><label for='answer-id-957411' id='answer-label-957411' class=' answer'><span>Execution Blocking<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-241572'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>What is the purpose of precedence with respect to the Sensor Update policy?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='241572' \/><input type='hidden' id='answerType241572' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241572[]' id='answer-id-957412' class='answer   answerof-241572 ' value='957412'   \/><label for='answer-id-957412' id='answer-label-957412' class=' answer'><span>Precedence applies to the Prevention policy and not to the Sensor Update policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241572[]' id='answer-id-957413' class='answer   answerof-241572 ' value='957413'   \/><label for='answer-id-957413' id='answer-label-957413' class=' answer'><span>Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241572[]' id='answer-id-957414' class='answer   answerof-241572 ' value='957414'   \/><label for='answer-id-957414' id='answer-label-957414' class=' answer'><span>Hosts assigned to multiple policies will assume the lowest ranked policy in the list (policy with the highest number)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241572[]' id='answer-id-957415' class='answer   answerof-241572 ' value='957415'   \/><label for='answer-id-957415' id='answer-label-957415' class=' answer'><span>Precedence ensures that conflicting policy settings are not set in the same policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-241573'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>Which is the correct order for manually installing a Falcon Package on a macOS system?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='241573' \/><input type='hidden' id='answerType241573' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241573[]' id='answer-id-957416' class='answer   answerof-241573 ' value='957416'   \/><label for='answer-id-957416' id='answer-label-957416' class=' answer'><span>Install the Falcon package, then register the Falcon Sensor via the registration package<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241573[]' id='answer-id-957417' class='answer   answerof-241573 ' value='957417'   \/><label for='answer-id-957417' id='answer-label-957417' class=' answer'><span>Install the Falcon package, then register the Falcon Sensor via command line<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241573[]' id='answer-id-957418' class='answer   answerof-241573 ' value='957418'   \/><label for='answer-id-957418' id='answer-label-957418' class=' answer'><span>Register the Falcon Sensor via command line, then install the Falcon package<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241573[]' id='answer-id-957419' class='answer   answerof-241573 ' value='957419'   \/><label for='answer-id-957419' id='answer-label-957419' class=' answer'><span>Register the Falcon Sensor via the registration package, then install the Falcon package<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-241574'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='241574' \/><input type='hidden' id='answerType241574' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241574[]' id='answer-id-957420' class='answer   answerof-241574 ' value='957420'   \/><label for='answer-id-957420' id='answer-label-957420' class=' answer'><span>Maintenance token<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241574[]' id='answer-id-957421' class='answer   answerof-241574 ' value='957421'   \/><label for='answer-id-957421' id='answer-label-957421' class=' answer'><span>Customer ID (CID)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241574[]' id='answer-id-957422' class='answer   answerof-241574 ' value='957422'   \/><label for='answer-id-957422' id='answer-label-957422' class=' answer'><span>Bulk update key<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241574[]' id='answer-id-957423' class='answer   answerof-241574 ' value='957423'   \/><label for='answer-id-957423' id='answer-label-957423' class=' answer'><span>Agent ID (AID)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-241575'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>Which of the following Machine Learning (ML) sliders will only detect or prevent high confidence malicious items?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='241575' \/><input type='hidden' id='answerType241575' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241575[]' id='answer-id-957424' class='answer   answerof-241575 ' value='957424'   \/><label for='answer-id-957424' id='answer-label-957424' class=' answer'><span>Aggressive<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241575[]' id='answer-id-957425' class='answer   answerof-241575 ' value='957425'   \/><label for='answer-id-957425' id='answer-label-957425' class=' answer'><span>Cautious<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241575[]' id='answer-id-957426' class='answer   answerof-241575 ' value='957426'   \/><label for='answer-id-957426' id='answer-label-957426' class=' answer'><span>Minimal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241575[]' id='answer-id-957427' class='answer   answerof-241575 ' value='957427'   \/><label for='answer-id-957427' id='answer-label-957427' class=' answer'><span>Moderate<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-241576'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. <br \/>\r<br>Which of the following parameters can be used to override the 20 minute default provisioning window?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='241576' \/><input type='hidden' id='answerType241576' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241576[]' id='answer-id-957428' class='answer   answerof-241576 ' value='957428'   \/><label for='answer-id-957428' id='answer-label-957428' class=' answer'><span>ExtendedWindow=1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241576[]' id='answer-id-957429' class='answer   answerof-241576 ' value='957429'   \/><label for='answer-id-957429' id='answer-label-957429' class=' answer'><span>Timeout=0<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241576[]' id='answer-id-957430' class='answer   answerof-241576 ' value='957430'   \/><label for='answer-id-957430' id='answer-label-957430' class=' answer'><span>ProvNoWait=1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241576[]' id='answer-id-957431' class='answer   answerof-241576 ' value='957431'   \/><label for='answer-id-957431' id='answer-label-957431' class=' answer'><span>Timeout=30<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-241577'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. <br \/>\r<br>What is the most appropriate role that can be added to fullfil this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='241577' \/><input type='hidden' id='answerType241577' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241577[]' id='answer-id-957432' class='answer   answerof-241577 ' value='957432'   \/><label for='answer-id-957432' id='answer-label-957432' class=' answer'><span>Remediation Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241577[]' id='answer-id-957433' class='answer   answerof-241577 ' value='957433'   \/><label for='answer-id-957433' id='answer-label-957433' class=' answer'><span>Real Time Responder C Read Only Analyst<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241577[]' id='answer-id-957434' class='answer   answerof-241577 ' value='957434'   \/><label for='answer-id-957434' id='answer-label-957434' class=' answer'><span>Falcon Analyst C Read Only<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241577[]' id='answer-id-957435' class='answer   answerof-241577 ' value='957435'   \/><label for='answer-id-957435' id='answer-label-957435' class=' answer'><span>Real Time Responder C Active Responder<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-241578'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Which option allows you to exclude behavioral detections from the detections page?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='241578' \/><input type='hidden' id='answerType241578' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241578[]' id='answer-id-957436' class='answer   answerof-241578 ' value='957436'   \/><label for='answer-id-957436' id='answer-label-957436' class=' answer'><span>Machine Learning Exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241578[]' id='answer-id-957437' class='answer   answerof-241578 ' value='957437'   \/><label for='answer-id-957437' id='answer-label-957437' class=' answer'><span>IOA Exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241578[]' id='answer-id-957438' class='answer   answerof-241578 ' value='957438'   \/><label for='answer-id-957438' id='answer-label-957438' class=' answer'><span>IOC Exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241578[]' id='answer-id-957439' class='answer   answerof-241578 ' value='957439'   \/><label for='answer-id-957439' id='answer-label-957439' class=' answer'><span>Sensor Visibility Exclusion<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-241579'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>Which role will allow someone to manage quarantine files?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='241579' \/><input type='hidden' id='answerType241579' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241579[]' id='answer-id-957440' class='answer   answerof-241579 ' value='957440'   \/><label for='answer-id-957440' id='answer-label-957440' class=' answer'><span>Falcon Security Lead<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241579[]' id='answer-id-957441' class='answer   answerof-241579 ' value='957441'   \/><label for='answer-id-957441' id='answer-label-957441' class=' answer'><span>Detections Exceptions Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241579[]' id='answer-id-957442' class='answer   answerof-241579 ' value='957442'   \/><label for='answer-id-957442' id='answer-label-957442' class=' answer'><span>Falcon Analyst C Read Only<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241579[]' id='answer-id-957443' class='answer   answerof-241579 ' value='957443'   \/><label for='answer-id-957443' id='answer-label-957443' class=' answer'><span>Endpoint Manager<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-241580'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>When a host is placed in Network Containment, which of the following is TRUE?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='241580' \/><input type='hidden' id='answerType241580' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241580[]' id='answer-id-957444' class='answer   answerof-241580 ' value='957444'   \/><label for='answer-id-957444' id='answer-label-957444' class=' answer'><span>The host machine is unable to send or receive network traffic outside of the local network<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241580[]' id='answer-id-957445' class='answer   answerof-241580 ' value='957445'   \/><label for='answer-id-957445' id='answer-label-957445' class=' answer'><span>The host machine is unable to send or receive network traffic except to\/from the Falcon Cloud and traffic allowed in the Firewall Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241580[]' id='answer-id-957446' class='answer   answerof-241580 ' value='957446'   \/><label for='answer-id-957446' id='answer-label-957446' class=' answer'><span>The host machine is unable to send or receive any network traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241580[]' id='answer-id-957447' class='answer   answerof-241580 ' value='957447'   \/><label for='answer-id-957447' id='answer-label-957447' class=' answer'><span>The host machine is unable to send or receive network traffic except to\/from the Falcon Cloud and any resources allowlisted in the Containment Policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-241581'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>How do you disable all detections for a host?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='241581' \/><input type='hidden' id='answerType241581' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241581[]' id='answer-id-957448' class='answer   answerof-241581 ' value='957448'   \/><label for='answer-id-957448' id='answer-label-957448' class=' answer'><span>Create an exclusion rule and apply it to the machine or group of machines<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241581[]' id='answer-id-957449' class='answer   answerof-241581 ' value='957449'   \/><label for='answer-id-957449' id='answer-label-957449' class=' answer'><span>Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241581[]' id='answer-id-957450' class='answer   answerof-241581 ' value='957450'   \/><label for='answer-id-957450' id='answer-label-957450' class=' answer'><span>You cannot disable all detections on individual hosts as it would put them at risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241581[]' id='answer-id-957451' class='answer   answerof-241581 ' value='957451'   \/><label for='answer-id-957451' id='answer-label-957451' class=' answer'><span>In Host Management, select the host and then choose the option to Disable Detections<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-241582'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>In order to quarantine files on the host, what prevention policy settings must be enabled?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='241582' \/><input type='hidden' id='answerType241582' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241582[]' id='answer-id-957452' class='answer   answerof-241582 ' value='957452'   \/><label for='answer-id-957452' id='answer-label-957452' class=' answer'><span>Malware Protection and Custom Execution Blocking must be enabled<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241582[]' id='answer-id-957453' class='answer   answerof-241582 ' value='957453'   \/><label for='answer-id-957453' id='answer-label-957453' class=' answer'><span>Next-Gen Antivirus Prevention sliders and &quot;Quarantine &amp; Security Center Registration&quot; must be enabled<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241582[]' id='answer-id-957454' class='answer   answerof-241582 ' value='957454'   \/><label for='answer-id-957454' id='answer-label-957454' class=' answer'><span>Malware Protection and Windows Anti-Malware Execution Blocking must be enabled<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241582[]' id='answer-id-957455' class='answer   answerof-241582 ' value='957455'   \/><label for='answer-id-957455' id='answer-label-957455' class=' answer'><span>Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-241583'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>What is the maximum number of patterns that can be added when creating a new exclusion?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='241583' \/><input type='hidden' id='answerType241583' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241583[]' id='answer-id-957456' class='answer   answerof-241583 ' value='957456'   \/><label for='answer-id-957456' id='answer-label-957456' class=' answer'><span>10<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241583[]' id='answer-id-957457' class='answer   answerof-241583 ' value='957457'   \/><label for='answer-id-957457' id='answer-label-957457' class=' answer'><span>0<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241583[]' id='answer-id-957458' class='answer   answerof-241583 ' value='957458'   \/><label for='answer-id-957458' id='answer-label-957458' class=' answer'><span>1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241583[]' id='answer-id-957459' class='answer   answerof-241583 ' value='957459'   \/><label for='answer-id-957459' id='answer-label-957459' class=' answer'><span>5<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-241584'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>Which of the following is TRUE of the Logon Activities Report?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='241584' \/><input type='hidden' id='answerType241584' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241584[]' id='answer-id-957460' class='answer   answerof-241584 ' value='957460'   \/><label for='answer-id-957460' id='answer-label-957460' class=' answer'><span>Shows a graphical view of user logon activity and the hosts the user connected to<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241584[]' id='answer-id-957461' class='answer   answerof-241584 ' value='957461'   \/><label for='answer-id-957461' id='answer-label-957461' class=' answer'><span>The report can be filtered by computer name<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241584[]' id='answer-id-957462' class='answer   answerof-241584 ' value='957462'   \/><label for='answer-id-957462' id='answer-label-957462' class=' answer'><span>It gives a detailed list of all logon activity for users<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241584[]' id='answer-id-957463' class='answer   answerof-241584 ' value='957463'   \/><label for='answer-id-957463' id='answer-label-957463' class=' answer'><span>It only gives a summary of the last logon activity for users<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-241585'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>You have created a Sensor Update Policy for the Mac platform. <br \/>\r<br>Which other operating system(s) will this policy manage?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='241585' \/><input type='hidden' id='answerType241585' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241585[]' id='answer-id-957464' class='answer   answerof-241585 ' value='957464'   \/><label for='answer-id-957464' id='answer-label-957464' class=' answer'><span>*nix<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241585[]' id='answer-id-957465' class='answer   answerof-241585 ' value='957465'   \/><label for='answer-id-957465' id='answer-label-957465' class=' answer'><span>Windows<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241585[]' id='answer-id-957466' class='answer   answerof-241585 ' value='957466'   \/><label for='answer-id-957466' id='answer-label-957466' class=' answer'><span>Both Windows and *nix<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241585[]' id='answer-id-957467' class='answer   answerof-241585 ' value='957467'   \/><label for='answer-id-957467' id='answer-label-957467' class=' answer'><span>Only Mac<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-241586'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. <br \/>\r<br>What is the best way to prevent these in the future?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='241586' \/><input type='hidden' id='answerType241586' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241586[]' id='answer-id-957468' class='answer   answerof-241586 ' value='957468'   \/><label for='answer-id-957468' id='answer-label-957468' class=' answer'><span>Contact support and request that they modify the Machine Learning settings to no longer include this detection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241586[]' id='answer-id-957469' class='answer   answerof-241586 ' value='957469'   \/><label for='answer-id-957469' id='answer-label-957469' class=' answer'><span>Using IOC Management, add the hash of the binary in question and set the action to &quot;Allow&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241586[]' id='answer-id-957470' class='answer   answerof-241586 ' value='957470'   \/><label for='answer-id-957470' id='answer-label-957470' class=' answer'><span>Using IOC Management, add the hash of the binary in question and set the action to &quot;Block, hide detection&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241586[]' id='answer-id-957471' class='answer   answerof-241586 ' value='957471'   \/><label for='answer-id-957471' id='answer-label-957471' class=' answer'><span>Using IOC Management, add the hash of the binary in question and set the action to &quot;No Action&quot;<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-241587'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='241587' \/><input type='hidden' id='answerType241587' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241587[]' id='answer-id-957472' class='answer   answerof-241587 ' value='957472'   \/><label for='answer-id-957472' id='answer-label-957472' class=' answer'><span>Falcon console updates are pending<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241587[]' id='answer-id-957473' class='answer   answerof-241587 ' value='957473'   \/><label for='answer-id-957473' id='answer-label-957473' class=' answer'><span>Falcon sensors installing an update<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241587[]' id='answer-id-957474' class='answer   answerof-241587 ' value='957474'   \/><label for='answer-id-957474' id='answer-label-957474' class=' answer'><span>Notifications have been disabled on that host sensor<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241587[]' id='answer-id-957475' class='answer   answerof-241587 ' value='957475'   \/><label for='answer-id-957475' id='answer-label-957475' class=' answer'><span>Microsoft updates<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-241588'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='241588' \/><input type='hidden' id='answerType241588' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241588[]' id='answer-id-957476' class='answer   answerof-241588 ' value='957476'   \/><label for='answer-id-957476' id='answer-label-957476' class=' answer'><span>Create a Dynamic Group with Type=Workstation Assignment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241588[]' id='answer-id-957477' class='answer   answerof-241588 ' value='957477'   \/><label for='answer-id-957477' id='answer-label-957477' class=' answer'><span>Create a Dynamic Group and Import All Workstations<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241588[]' id='answer-id-957478' class='answer   answerof-241588 ' value='957478'   \/><label for='answer-id-957478' id='answer-label-957478' class=' answer'><span>Create a Static Group and Import all Workstations<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241588[]' id='answer-id-957479' class='answer   answerof-241588 ' value='957479'   \/><label for='answer-id-957479' id='answer-label-957479' class=' answer'><span>Create a Static Group with Type=Workstation Assignment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-241589'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>Which role allows a user to connect to hosts using Real-Time Response?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='241589' \/><input type='hidden' id='answerType241589' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241589[]' id='answer-id-957480' class='answer   answerof-241589 ' value='957480'   \/><label for='answer-id-957480' id='answer-label-957480' class=' answer'><span>Endpoint Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241589[]' id='answer-id-957481' class='answer   answerof-241589 ' value='957481'   \/><label for='answer-id-957481' id='answer-label-957481' class=' answer'><span>Falcon Administrator<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241589[]' id='answer-id-957482' class='answer   answerof-241589 ' value='957482'   \/><label for='answer-id-957482' id='answer-label-957482' class=' answer'><span>Real Time Responder C Active Responder<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241589[]' id='answer-id-957483' class='answer   answerof-241589 ' value='957483'   \/><label for='answer-id-957483' id='answer-label-957483' class=' answer'><span>Prevention Hashes Manager<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-241590'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>Where can you modify settings to permit certain traffic during a containment period?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='241590' \/><input type='hidden' id='answerType241590' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241590[]' id='answer-id-957484' class='answer   answerof-241590 ' value='957484'   \/><label for='answer-id-957484' id='answer-label-957484' class=' answer'><span>Prevention Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241590[]' id='answer-id-957485' class='answer   answerof-241590 ' value='957485'   \/><label for='answer-id-957485' id='answer-label-957485' class=' answer'><span>Host Settings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241590[]' id='answer-id-957486' class='answer   answerof-241590 ' value='957486'   \/><label for='answer-id-957486' id='answer-label-957486' class=' answer'><span>Containment Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-241590[]' id='answer-id-957487' class='answer   answerof-241590 ' value='957487'   \/><label for='answer-id-957487' id='answer-label-957487' class=' answer'><span>Firewall Settings<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-31'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons6763\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"6763\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-09 13:12:11\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778332331\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"241561:957368,957369,957370,957371 | 241562:957372,957373,957374,957375 | 241563:957376,957377,957378,957379 | 241564:957380,957381,957382,957383 | 241565:957384,957385,957386,957387 | 241566:957388,957389,957390,957391 | 241567:957392,957393,957394,957395 | 241568:957396,957397,957398,957399 | 241569:957400,957401,957402,957403 | 241570:957404,957405,957406,957407 | 241571:957408,957409,957410,957411 | 241572:957412,957413,957414,957415 | 241573:957416,957417,957418,957419 | 241574:957420,957421,957422,957423 | 241575:957424,957425,957426,957427 | 241576:957428,957429,957430,957431 | 241577:957432,957433,957434,957435 | 241578:957436,957437,957438,957439 | 241579:957440,957441,957442,957443 | 241580:957444,957445,957446,957447 | 241581:957448,957449,957450,957451 | 241582:957452,957453,957454,957455 | 241583:957456,957457,957458,957459 | 241584:957460,957461,957462,957463 | 241585:957464,957465,957466,957467 | 241586:957468,957469,957470,957471 | 241587:957472,957473,957474,957475 | 241588:957476,957477,957478,957479 | 241589:957480,957481,957482,957483 | 241590:957484,957485,957486,957487\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"241561,241562,241563,241564,241565,241566,241567,241568,241569,241570,241571,241572,241573,241574,241575,241576,241577,241578,241579,241580,241581,241582,241583,241584,241585,241586,241587,241588,241589,241590\";\nWatuPROSettings[6763] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 6763;\t    \nWatuPRO.post_id = 47718;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.69675000 1778332331\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(6763);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14748,14749],"tags":[14745,14743,14747,14746,14744],"class_list":["post-47718","post","type-post","status-publish","format-standard","hentry","category-crowdstrike","category-crowdstrike-falcon-certification-program","tag-ccfa-study-guide","tag-ccfa-200","tag-ccfa-200-dumps","tag-ccfa-200-exam-dumps","tag-ccfa-200-study-guide"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/47718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=47718"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/47718\/revisions"}],"predecessor-version":[{"id":47721,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/47718\/revisions\/47721"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=47718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=47718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=47718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}